Skip to main content
Question

How to read 3rd party files

  • May 22, 2025
  • 1 reply
  • 24 views
C
Forum|alt.badge.img

Hi.
I have a web application which allows users to upload files and the receive a report with data from those files.
Since many of our clients store their files in Box, there would be value in being able to read their documents directly and automatically from Box instead of asking them to upload their files to our service manually.
I can think of at least 4 high-level ways to achieve this:
1) The client sends us some sort of token, and our application uses this token to access and read their Box files.
2) We create a custom Box application which reads files and posts them to our web application. We publish this to the Box Gallery.
3)  We create a custom Box application which reads files and posts them to our web application. We don't publish this app but we provide our clients with our app ID and they enable it.
4) The client goes to our web application, and logs in to Box on our website, which gives our web application a token with permission to access their box files.

I'm having difficulty figuring out from the developer documentation how to achieve the above. It isn't clear to me which authentication methods and endpoints are just for interacting with your own box files, and what needs to happen to interact with the files of a third party.

Could you please help me to understand:
1) Which of the above 4 approaches are (a) possible and (b) better or worse, if any.
2) Whether there is another way of doing this that I'm missing.
3) What authentication system to use.
4) What permissions (scopes?) are required.

Thank you kindly.

    1 reply

    C
    Forum|alt.badge.img

    Hi, 

    I think the best option is probably number 4 - assuming I understand the use case correctly. You would basically create an OAuth 2.0 application in Box that allows a user to login on your website. They would click "grant access to box." You can see something similar to this if you go to the reference pages of our developer documentation and click "try this api." That is the type of flow you would do for number 4. In terms of scopes... it depends. If you only want to read the files - that's all you would need them to give. It would take some trail and error though to figure out what exactly will work - since I don't know all the details of the use case. 

    Thanks, 

    Alex, Box Developer Advocate

    Terms of ServiceAccessibility statement